Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
Description: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited either vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that these denial of service vulnerabilities would not allow an attacker to execute code or to elevate their user rights, but they could cause the affected system to stop accepting requests. The security update addresses these vulnerabilities by modifying the way PGM parses malformed packets.
Update type: Moderate
Release date: June 10, 2008
Applies to: All
Knowledge base: http://support.microsoft.com/kb/950762
Comments: Here are the specifics on the vulnerabilities covered by this update:
- PGM Invalid Length Vulnerability – CVE-2008-1440
- PGM Malformed Fragment Vulnerability – CVE-2008-1441
For more information on these issues, including potential causes, workarounds, and resolutions, see Microsoft Knowledge Base article KB950762.